rbac::RBACData Class Reference

#include <RBAC.h>

Public Member Functions
	RBACData (uint32 id, std::string const &name, int32 realmId, uint8 secLevel=255)
std::string const &	GetName () const
	Gets the Name of the Object. More...
uint32	GetId () const
	Gets the Id of the Object. More...
HasPermission
Checks if certain action is allowed Checks if certain action can be performed. Returns grant or deny action Example Usage: bool Player::CanJoinArena(Battleground* bg) { return bg->isArena() && HasPermission(RBAC_PERM_JOIN_ARENA); }
bool	HasPermission (uint32 permission) const
RBACPermissionContainer const &	GetPermissions () const
	Returns all the granted permissions (after computation) More...
RBACPermissionContainer const &	GetGrantedPermissions () const
	Returns all the granted permissions. More...
RBACPermissionContainer const &	GetDeniedPermissions () const
	Returns all the denied permissions. More...
GrantRole
Grants a permission Grants a permission to the account. If realm is 0 or the permission can not be added No save to db action will be performed. Fails if permission Id does not exists or permission already granted or denied Parameters permissionId permission to be granted realmId realm affected Returns Success or failure (with reason) to grant the permission Example Usage: // previously defined "RBACData* rbac" with proper initialization uint32 permissionId = 2; if (rbac->GrantRole(permissionId) == RBAC_IN_DENIED_LIST) TC_LOG_DEBUG("entities.player", "Failed to grant permission %u, already denied", permissionId);
RBACCommandResult	GrantPermission (uint32 permissionId, int32 realmId=0)
DenyPermission
Denies a permission Denied a permission to the account. If realm is 0 or the permission can not be added No save to db action will be performed. Fails if permission Id does not exists or permission already granted or denied Parameters permissionId permission to be denied realmId realm affected Returns Success or failure (with reason) to deny the permission Example Usage: // previously defined "RBACData* rbac" with proper initialization uint32 permissionId = 2; if (rbac->DenyRole(permissionId) == RBAC_ID_DOES_NOT_EXISTS) TC_LOG_DEBUG("entities.player", "Role Id %u does not exists", permissionId);
RBACCommandResult	DenyPermission (uint32 permissionId, int32 realmId=0)

Private Member Functions
CalculateNewPermissions
Calculates new permissions Calculates new permissions after some change The calculation is done Granted - Denied: Granted permissions: through linked permissions and directly assigned Denied permissions: through linked permissions and directly assigned
void	CalculateNewPermissions ()
int32	GetRealmId () const
bool	HasGrantedPermission (uint32 permissionId) const
	Checks if a permission is granted. More...
bool	HasDeniedPermission (uint32 permissionId) const
	Checks if a permission is denied. More...
void	AddGrantedPermission (uint32 permissionId)
	Adds a new granted permission. More...
void	RemoveGrantedPermission (uint32 permissionId)
	Removes a granted permission. More...
void	AddDeniedPermission (uint32 permissionId)
	Adds a new denied permission. More...
void	RemoveDeniedPermission (uint32 permissionId)
	Removes a denied permission. More...
void	AddPermissions (RBACPermissionContainer const &permsFrom, RBACPermissionContainer &permsTo)
	Adds a list of permissions to another list. More...
void	RemovePermissions (RBACPermissionContainer &permsFrom, RBACPermissionContainer const &permsToRemove)
	Removes a list of permissions from another list. More...

RevokePermission
Removes a permission Removes a permission from the account. If realm is 0 or the permission can not be removed No save to db action will be performed. Any delete operation will always affect "all realms (-1)" in addition to the realm specified Fails if permission not present Parameters permissionId permission to be removed realmId realm affected Returns Success or failure (with reason) to remove the permission Example Usage: // previously defined "RBACData* rbac" with proper initialization uint32 permissionId = 2; if (rbac->RevokeRole(permissionId) == RBAC_OK) TC_LOG_DEBUG("entities.player", "Permission %u succesfully removed", permissionId);
RBACCommandResult	RevokePermission (uint32 permissionId, int32 realmId=0)
void	LoadFromDB ()
	Loads all permissions assigned to current account. More...
PreparedQueryResultFuture	LoadFromDBAsync ()
void	LoadFromDBCallback (PreparedQueryResult result)
void	SetSecurityLevel (uint8 id)
	Sets security level. More...
uint8	GetSecurityLevel () const
	Returns the security level assigned. More...
void	SavePermission (uint32 role, bool granted, int32 realm)
	Saves a permission to DB, Granted or Denied. More...
void	ClearData ()
	Clears roles, groups and permissions - Used for reload. More...

ExpandPermissions
Adds the list of linked permissions to the original list Given a list of permissions, gets all the inherited permissions Parameters permissions The list of permissions to expand
uint32	_id
std::string	_name
	Account id More...
int32	_realmId
	Account name More...
uint8	_secLevel
	RealmId Affected More...
RBACPermissionContainer	_grantedPerms
	Account SecurityLevel More...
RBACPermissionContainer	_deniedPerms
	Granted permissions More...
RBACPermissionContainer	_globalPerms
	Denied permissions More...
void	ExpandPermissions (RBACPermissionContainer &permissions)

Constructor & Destructor Documentation

rbac::RBACData::RBACData ( uint32  id, std::string const &  name, int32  realmId, uint8  secLevel = 255  )

inline

 :
 _id(id), _name(name), _realmId(realmId), _secLevel(secLevel),
 _grantedPerms(), _deniedPerms(), _globalPerms() { }

Member Function Documentation

void rbac::RBACData::AddDeniedPermission ( uint32  permissionId )

inlineprivate

Adds a new denied permission.

 {
 _deniedPerms.insert(permissionId);
 }

Here is the caller graph for this function:

void rbac::RBACData::AddGrantedPermission ( uint32  permissionId )

inlineprivate

Adds a new granted permission.

 {
 _grantedPerms.insert(permissionId);
 }

Here is the caller graph for this function:

void rbac::RBACData::AddPermissions ( RBACPermissionContainer const &  permsFrom, RBACPermissionContainer &  permsTo  )

private

Adds a list of permissions to another list.

{
 for (RBACPermissionContainer::const_iterator itr = permsFrom.begin(); itr != permsFrom.end(); ++itr)
 permsTo.insert(*itr);
}

void rbac::RBACData::CalculateNewPermissions ( )

private

{
 TC_LOG_TRACE("rbac", "RBACData::CalculateNewPermissions [Id: %u Name: %s]", GetId(), GetName().c_str());

 // Get the list of granted permissions
 _globalPerms = GetGrantedPermissions();
 ExpandPermissions(_globalPerms);
 RBACPermissionContainer revoked = GetDeniedPermissions();
 ExpandPermissions(revoked);
 RemovePermissions(_globalPerms, revoked);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void rbac::RBACData::ClearData ( )

private

Clears roles, groups and permissions - Used for reload.

{
 _grantedPerms.clear();
 _deniedPerms.clear();
 _globalPerms.clear();
}

Here is the caller graph for this function:

RBACCommandResult rbac::RBACData::DenyPermission	(	uint32	permissionId,
		int32	realmId = 0
	)

{
 // Check if permission Id exists
 RBACPermission const* perm = sAccountMgr->GetRBACPermission(permissionId);
 if (!perm)
 {
 TC_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission does not exists",
 GetId(), GetName().c_str(), permissionId, realmId);
 return RBAC_ID_DOES_NOT_EXISTS;
 }

 // Check if already added in granted list
 if (HasGrantedPermission(permissionId))
 {
 TC_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission in grant list",
 GetId(), GetName().c_str(), permissionId, realmId);
 return RBAC_IN_GRANTED_LIST;
 }

 // Already added?
 if (HasDeniedPermission(permissionId))
 {
 TC_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission already denied",
 GetId(), GetName().c_str(), permissionId, realmId);
 return RBAC_CANT_ADD_ALREADY_ADDED;
 }

 AddDeniedPermission(permissionId);

 // Do not save to db when loading data from DB (realmId = 0)
 if (realmId)
 {
 TC_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok and DB updated",
 GetId(), GetName().c_str(), permissionId, realmId);
 SavePermission(permissionId, false, realmId);
 CalculateNewPermissions();
 }
 else
 TC_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok",
 GetId(), GetName().c_str(), permissionId, realmId);

 return RBAC_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void rbac::RBACData::ExpandPermissions ( RBACPermissionContainer &  permissions )

private

{
 RBACPermissionContainer toCheck = permissions;
 permissions.clear();

 while (!toCheck.empty())
 {
 // remove the permission from original list
 uint32 permissionId = *toCheck.begin();
 toCheck.erase(toCheck.begin());

 RBACPermission const* permission = sAccountMgr->GetRBACPermission(permissionId);
 if (!permission)
 continue;

 // insert into the final list (expanded list)
 permissions.insert(permissionId);

 // add all linked permissions (that are not already expanded) to the list of permissions to be checked
 RBACPermissionContainer const& linkedPerms = permission->GetLinkedPermissions();
 for (RBACPermissionContainer::const_iterator itr = linkedPerms.begin(); itr != linkedPerms.end(); ++itr)
 if (permissions.find(*itr) == permissions.end())
 toCheck.insert(*itr);
 }

 TC_LOG_DEBUG("rbac", "RBACData::ExpandPermissions: Expanded: %s", GetDebugPermissionString(permissions).c_str());
}

Here is the call graph for this function:

Here is the caller graph for this function:

RBACPermissionContainer const& rbac::RBACData::GetDeniedPermissions ( ) const

inline

Returns all the denied permissions.

{ return _deniedPerms; }

Here is the caller graph for this function:

RBACPermissionContainer const& rbac::RBACData::GetGrantedPermissions ( ) const

inline

Returns all the granted permissions.

{ return _grantedPerms; }

Here is the caller graph for this function:

uint32 rbac::RBACData::GetId ( ) const

inline

Gets the Id of the Object.

{ return _id; }

Here is the caller graph for this function:

std::string const& rbac::RBACData::GetName ( ) const

inline

Gets the Name of the Object.

{ return _name; }

Here is the caller graph for this function:

RBACPermissionContainer const& rbac::RBACData::GetPermissions ( ) const

inline

Returns all the granted permissions (after computation)

{ return _globalPerms; }

int32 rbac::RBACData::GetRealmId ( ) const

inlineprivate

{ return _realmId; }

Here is the caller graph for this function:

uint8 rbac::RBACData::GetSecurityLevel ( ) const

inline

Returns the security level assigned.

{ return _secLevel; }

Here is the caller graph for this function:

RBACCommandResult rbac::RBACData::GrantPermission	(	uint32	permissionId,
		int32	realmId = 0
	)

{
 // Check if permission Id exists
 RBACPermission const* perm = sAccountMgr->GetRBACPermission(permissionId);
 if (!perm)
 {
 TC_LOG_TRACE("rbac", "RBACData::GrantPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission does not exists",
 GetId(), GetName().c_str(), permissionId, realmId);
 return RBAC_ID_DOES_NOT_EXISTS;
 }

 // Check if already added in denied list
 if (HasDeniedPermission(permissionId))
 {
 TC_LOG_TRACE("rbac", "RBACData::GrantPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission in deny list",
 GetId(), GetName().c_str(), permissionId, realmId);
 return RBAC_IN_DENIED_LIST;
 }

 // Already added?
 if (HasGrantedPermission(permissionId))
 {
 TC_LOG_TRACE("rbac", "RBACData::GrantPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission already granted",
 GetId(), GetName().c_str(), permissionId, realmId);
 return RBAC_CANT_ADD_ALREADY_ADDED;
 }

 AddGrantedPermission(permissionId);

 // Do not save to db when loading data from DB (realmId = 0)
 if (realmId)
 {
 TC_LOG_TRACE("rbac", "RBACData::GrantPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok and DB updated",
 GetId(), GetName().c_str(), permissionId, realmId);
 SavePermission(permissionId, true, realmId);
 CalculateNewPermissions();
 }
 else
 TC_LOG_TRACE("rbac", "RBACData::GrantPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok",
 GetId(), GetName().c_str(), permissionId, realmId);

 return RBAC_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

bool rbac::RBACData::HasDeniedPermission ( uint32  permissionId ) const

inlineprivate

Checks if a permission is denied.

 {
 return _deniedPerms.find(permissionId) != _deniedPerms.end();
 }

Here is the caller graph for this function:

bool rbac::RBACData::HasGrantedPermission ( uint32  permissionId ) const

inlineprivate

Checks if a permission is granted.

 {
 return _grantedPerms.find(permissionId) != _grantedPerms.end();
 }

Here is the caller graph for this function:

bool rbac::RBACData::HasPermission ( uint32  permission ) const

inline

 {
 return _globalPerms.find(permission) != _globalPerms.end();
 }

Here is the caller graph for this function:

void rbac::RBACData::LoadFromDB

(

)

Loads all permissions assigned to current account.

{
 ClearData();

 TC_LOG_DEBUG("rbac", "RBACData::LoadFromDB [Id: %u Name: %s]: Loading permissions", GetId(), GetName().c_str());
 // Load account permissions (granted and denied) that affect current realm
 PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RBAC_ACCOUNT_PERMISSIONS);
 stmt->setUInt32(0, GetId());
 stmt->setInt32(1, GetRealmId());

 LoadFromDBCallback(LoginDatabase.Query(stmt));
}

Here is the call graph for this function:

Here is the caller graph for this function:

PreparedQueryResultFuture rbac::RBACData::LoadFromDBAsync

(

)

{
 ClearData();

 TC_LOG_DEBUG("rbac", "RBACData::LoadFromDB [Id: %u Name: %s]: Loading permissions", GetId(), GetName().c_str());
 // Load account permissions (granted and denied) that affect current realm
 PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RBAC_ACCOUNT_PERMISSIONS);
 stmt->setUInt32(0, GetId());
 stmt->setInt32(1, GetRealmId());

 return LoginDatabase.AsyncQuery(stmt);
}

Here is the call graph for this function:

void rbac::RBACData::LoadFromDBCallback

(

PreparedQueryResult

result

)

{
 if (result)
 {
 do
 {
 Field* fields = result->Fetch();
 if (fields[1].GetBool())
 GrantPermission(fields[0].GetUInt32());
 else
 DenyPermission(fields[0].GetUInt32());
 } while (result->NextRow());
 }

 // Add default permissions
 RBACPermissionContainer const& permissions = sAccountMgr->GetRBACDefaultPermissions(_secLevel);
 for (RBACPermissionContainer::const_iterator itr = permissions.begin(); itr != permissions.end(); ++itr)
 GrantPermission(*itr);

 // Force calculation of permissions
 CalculateNewPermissions();
}

Here is the call graph for this function:

Here is the caller graph for this function:

void rbac::RBACData::RemoveDeniedPermission ( uint32  permissionId )

inlineprivate

Removes a denied permission.

 {
 _deniedPerms.erase(permissionId);
 }

Here is the caller graph for this function:

void rbac::RBACData::RemoveGrantedPermission ( uint32  permissionId )

inlineprivate

Removes a granted permission.

 {
 _grantedPerms.erase(permissionId);
 }

Here is the caller graph for this function:

void rbac::RBACData::RemovePermissions ( RBACPermissionContainer &  permsFrom, RBACPermissionContainer const &  permsToRemove  )

private

Removes a list of permissions from another list.

{
 for (RBACPermissionContainer::const_iterator itr = permsToRemove.begin(); itr != permsToRemove.end(); ++itr)
 permsFrom.erase(*itr);
}

Here is the caller graph for this function:

RBACCommandResult rbac::RBACData::RevokePermission	(	uint32	permissionId,
		int32	realmId = 0
	)

{
 // Check if it's present in any list
 if (!HasGrantedPermission(permissionId) && !HasDeniedPermission(permissionId))
 {
 TC_LOG_TRACE("rbac", "RBACData::RevokePermission [Id: %u Name: %s] (Permission %u, RealmId %d). Not granted or revoked",
 GetId(), GetName().c_str(), permissionId, realmId);
 return RBAC_CANT_REVOKE_NOT_IN_LIST;
 }

 RemoveGrantedPermission(permissionId);
 RemoveDeniedPermission(permissionId);

 // Do not save to db when loading data from DB (realmId = 0)
 if (realmId)
 {
 TC_LOG_TRACE("rbac", "RBACData::RevokePermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok and DB updated",
 GetId(), GetName().c_str(), permissionId, realmId);
 PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_RBAC_ACCOUNT_PERMISSION);
 stmt->setUInt32(0, GetId());
 stmt->setUInt32(1, permissionId);
 stmt->setInt32(2, realmId);
 LoginDatabase.Execute(stmt);

 CalculateNewPermissions();
 }
 else
 TC_LOG_TRACE("rbac", "RBACData::RevokePermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok",
 GetId(), GetName().c_str(), permissionId, realmId);

 return RBAC_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void rbac::RBACData::SavePermission ( uint32  role, bool  granted, int32  realm  )

private

Saves a permission to DB, Granted or Denied.

{
 PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_RBAC_ACCOUNT_PERMISSION);
 stmt->setUInt32(0, GetId());
 stmt->setUInt32(1, permission);
 stmt->setBool(2, granted);
 stmt->setInt32(3, realmId);
 LoginDatabase.Execute(stmt);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void rbac::RBACData::SetSecurityLevel ( uint8  id )

inline

Sets security level.

 {
 _secLevel = id;
 LoadFromDB();
 }

Here is the call graph for this function:

Here is the caller graph for this function:

Member Data Documentation

RBACPermissionContainer rbac::RBACData::_deniedPerms

private

Granted permissions

RBACPermissionContainer rbac::RBACData::_globalPerms

private

Denied permissions

RBACPermissionContainer rbac::RBACData::_grantedPerms

private

Account SecurityLevel

uint32 rbac::RBACData::_id

private

std::string rbac::RBACData::_name

private

Account id

int32 rbac::RBACData::_realmId

private

Account name

uint8 rbac::RBACData::_secLevel

private

RealmId Affected

---

The documentation for this class was generated from the following files:

• src/server/game/Accounts/RBAC.h
• src/server/game/Accounts/RBAC.cpp